[Pkg-kde-extras] Bug#768191: CVE-2014-8483: konversation: out-of-bounds read issue
Diane Trout
diane at ghic.org
Wed Nov 5 19:54:29 UTC 2014
Package: konversation
Version: 1.5-1
Severity: important
Check for invalid input in encrypted buffers
The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.
(Description copied from http://bugs.quassel-irc.org/issues/1314)
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages konversation depends on:
ii kde-runtime 4:4.14.2-1
ii kdepim-runtime 4:4.14.2-1
ii konversation-data 1.5-1
ii libc6 2.19-12
ii libgcc1 1:4.9.1-19
ii libkabc4 4:4.14.2-1
ii libkde3support4 4:4.14.2-3
ii libkdecore5 4:4.14.2-3
ii libkdeui5 4:4.14.2-3
ii libkemoticons4 4:4.14.2-3
ii libkidletime4 4:4.14.2-3
ii libkio5 4:4.14.2-3
ii libknotifyconfig4 4:4.14.2-3
ii libkparts4 4:4.14.2-3
ii libkresources4 4:4.14.2-1
ii libnepomuk4 4:4.14.2-3
ii libnepomukutils4 4:4.14.2-3
ii libphonon4 4:4.8.0-3
ii libqca2 2.0.3-6
ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqt4-network 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqt4-qt3support 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqt4-svg 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii libsolid4 4:4.14.2-3
ii libsoprano4 2.9.4+dfsg-1.1
ii libstdc++6 4.9.1-19
ii phonon 4:4.8.0-3
konversation recommends no packages.
konversation suggests no packages.
-- no debconf information
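
An added example, not part of the original report and not Konversation's or Quassel's code: a decoding front end that rejects input which is not a whole number of 12-character blocks, or which contains characters outside the encoding alphabet, before any block reaches the ECB Blowfish routine. The alphabet, the bit layout and the names decodeWord and decodeEcbBlocks are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed alphabet: the 64-character set used by FiSH-style IRC Blowfish
// encoding. It is not quoted in the bug report.
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
static const std::size_t kBlockChars = 12;  // one encoded block, per the report

// Decode six characters into one 32-bit word, 6 bits per character,
// least significant group first (assumed layout).
static bool decodeWord(const std::string &in, std::size_t pos, std::uint32_t &out)
{
    std::uint64_t acc = 0;
    for (std::size_t i = 0; i < 6; ++i) {
        std::size_t idx = kAlphabet.find(in[pos + i]);
        if (idx == std::string::npos)
            return false;  // character outside the alphabet
        acc |= static_cast<std::uint64_t>(idx) << (6 * i);
    }
    out = static_cast<std::uint32_t>(acc);
    return true;
}

// Turn encoded text into 8-byte cipher blocks ready for ECB decryption.
// Returns false and leaves `blocks` empty on malformed input, so the
// caller never hands a short or garbage block to the cipher.
bool decodeEcbBlocks(const std::string &text, std::vector<std::uint8_t> &blocks)
{
    blocks.clear();
    // Reject anything that is not a whole number of 12-character blocks.
    if (text.empty() || text.size() % kBlockChars != 0)
        return false;
    for (std::size_t pos = 0; pos < text.size(); pos += kBlockChars) {
        std::uint32_t right = 0, left = 0;
        if (!decodeWord(text, pos, right) || !decodeWord(text, pos + 6, left)) {
            blocks.clear();
            return false;
        }
        for (int shift = 24; shift >= 0; shift -= 8)
            blocks.push_back(static_cast<std::uint8_t>(left >> shift));
        for (int shift = 24; shift >= 0; shift -= 8)
            blocks.push_back(static_cast<std::uint8_t>(right >> shift));
    }
    return true;
}
```

A caller treats a false return as an undecryptable message and displays the text as received instead of passing it on to the cipher.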